sys.key_encryptions (Transact-SQL)

Applies to: SQL Server Azure SQL Database Azure SQL Managed Instance

Returns a row for each symmetric key encryption specified by using the ENCRYPTION BY clause of the CREATE SYMMETRIC KEY statement.

Column names Data types Description
key_id int ID of the encrypted key.
thumbprint varbinary(32) SHA-1 hash of the certificate with which the key is encrypted, or the GUID of the symmetric key with which the key is encrypted.
crypt_type char(4) Type of encryption:

ESKS = Encrypted by symmetric key

ESKP, ESP2, or ESP3 = Encrypted by password

EPUC = Encrypted by certificate

EPUA = Encrypted by asymmetric key

ESKM = Encrypted by master key
crypt_type_desc nvarchar(60) Description of encryption type:

ENCRYPTION BY SYMMETRIC KEY

ENCRYPTION BY PASSWORD
(Beginning with SQL Server 2017 (14.x), includes a version number for use by CSS.)

ENCRYPTION BY CERTIFICATE

ENCRYPTION BY ASYMMETRIC KEY

ENCRYPTION BY MASTER KEY

Note: Windows DPAPI is used to protect the service master key.
crypt_property varbinary(max) Signed or encrypted bits.

Permissions

The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user was granted some permission. For more information, see Metadata Visibility Configuration.

See Also

Catalog Views (Transact-SQL)
Security Catalog Views (Transact-SQL)
Encryption Hierarchy
CREATE SYMMETRIC KEY (Transact-SQL)